Closed Bug 486240 Opened 15 years ago Closed 1 year ago

hang with foreignObject in pattern used as fill

Categories

(Core :: SVG, defect)

defect

Tracking

()

RESOLVED WORKSFORME

People

(Reporter: myk, Unassigned)

Details

(Keywords: hang, perf)

Attachments

(2 files)

An SVG image containing a foreignObject inside a pattern that is used to fill a rectangle hangs the browser.  Here's a reduced testcase:

  <svg xmlns="http://www.w3.org/2000/svg">
    <defs>
      <pattern id="foo" width="200" height="200">
        <foreignObject/>
      </pattern>
    </defs>
    <rect width="200" height="200" fill="url(#foo)"/>
  </svg>

On Linux (Ubuntu 8.10), the window manager also becomes unresponsive.  On Windows, the OS stays responsive, but nothing gets dumped to the console.  On Mac, the OS and other applications stay responsive, and the following gets dumped to the Terminal window in which I started Firefox:

	Tue Mar 31 18:21:36 myk-2 firefox-bin[1158] <Error>: CGBitmapContextCreateImage: failed to allocate 1073741824 bytes.
Tue Mar 31 18:21:36 myk-2 firefox-bin[1158] <Error>: CGImageCreate: invalid image provider: NULL.
firefox-bin(1158,0xa0852720) malloc: *** mmap(size=1073741824) failed (error code=12)
*** error: can't allocate region
*** set a breakpoint in malloc_error_break to debug

cc:ing roc because I think this affects bug 486028 and Jesse in case this interests him in fuzzing SVG (if he isn't already doing it).
WFM on Windows with Firefox Trunk and 3.0. What version is supposed to hang?

Is it possible to provide a stack trace?
Note: it doesn't make a difference whether the pattern is in the same document or a different one (and referenced via an external document reference), except that when the pattern is in a different document, the browser takes an extra second or two before hanging (presumably because it doesn't hang until it finishes loading the second document).

It does matter that the pattern actually be used to fill something.  A pattern with a foreignObject that isn't actually being used by anything doesn't cause a hang.


(In reply to comment #1)
> WFM on Windows with Firefox Trunk and 3.0. What version is supposed to hang?

I had been testing on the latest Shiretoko nightlies, but I've just tested trunk nightlies and 3.0 release builds, and they too hang for me.


> Is it possible to provide a stack trace?

Yes, I'll build a debug build and generate one.  (Or is there some way to invoke the crash reporter when forcing a hung instance to quit?)
Presumably you checked that a pattern without a foreignObject doesn't hang.
these days the crash reporter should send stacks for all threads, so a kill -4 or equiv in theory should work (untested).
(In reply to comment #3)
> Presumably you checked that a pattern without a foreignObject doesn't hang.

Yes! That works fine.  Also, I'm testing with a fresh profile.


(In reply to comment #4)
> these days the crash reporter should send stacks for all threads, so a kill -4
> or equiv in theory should work (untested).

kill -4 brings up the Apple crash dialog but not the Mozilla one.


Here's a stacktrace from a debug Mac trunk build off a recent pull at the breakpoint in malloc_error_break.
I just reproduced it on Mac OS with 3.1b3pre, fresh profile.  Total beachball hang, had to force-quit.
Keywords: perf
Keywords: hang
Assignee: nobody → jwatt
Assignee: jwatt → nobody
Severity: normal → S3

Doesn't seem to hang any more.

Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: